When hackers bypass SSL

Written by Dan Blacharski on March 10, 2009

A good piece of standard advice to protect against phish attacks is to pay attention to SSL. Bogus web sites can be made to look like the real thing, but before entering in any account details, one precaution is to check to make sure the URL begins with “https”. This of course, means that the connection is encrypted via SSL. This is commonly used in all banking and e-commerce sites. You should also make sure you are on an encrypted connection when checking email from a public WiFi location.

Good advice of course, but nowhere near enough. There’s a new tool floating around out there, called SSLstrip, which was revealed at the Black Hat DC Briefings last month. The tool tricks users into thinking they are on an encrypted site.

SSL is a simple protocol that directs a user from an http page to a secure, https page, where the login occurs. The SSLstrip hack switches the hyperlink reference to http from https, so the user is instead directed to an insecure page. Hackers may add a padlock icon to the bogus page to make it appear legitimate. And to make it even more attractive, the hacker can refer the victim back to the legitimate SSL page after they have already collected the victim’s login information.

About Dan Blacharski

The corporate world unceremoniously booted Dan Blacharski out of his cubicle over 15 years ago, and he’s never looked back. Since that time, he has been a full-time professional freelance writer, public relations consultant and analyst, and has published six books and thousands of articles. He divides his time between South Bend, Indiana and Bangkok, and married the renowned Thai writer Charoenkwan Prakthong in 2005. He and his wife enjoy traveling the world, and spending time with their Boston Terrier, Pladook.
  • (required)
  • (required)